Several agencies, including the Cybersecurity and Infrastructure Security Agency, collaborated to publish a new set of recommendations for the use of open source software, or OSS, in critical infrastructure facilities and operational technology organizations.
CISA announced Tuesday that the guidance was developed in partnership with the FBI, the National Security Agency and the Department of the Treasury as a function of its 2023 open source software planning initiative.
In order to strengthen security of open source software utilization, the guidance recommends increased involvement by organizations’ senior leadership in implementing vulnerability coordination and management activities. Vendors should also participate in programs that support OSS development best practices.
The document reiterated the importance of robust authentication processes and regular patch management for OT and industrial control system environments. It also endorsed the establishment of a framework for creating an open source program office to oversee security and software asset inventory.
Cybersecurity will be one of the main topics of the Potomac Officers Club’s 2023 Homeland Security Summit, taking place on Nov. 15 in Falls Church, Virginia. To participate in the event, register here or click on the link below.
